The broadcast delivery of digital content often uses scrambling of the broadcast stream to protect the content against unauthorised viewing. The key to scramble and descramble the broadcast stream is called a Control Word (CW). A Conditional Access (CA) or Digital Rights Management (DRM) system implements the selective distribution of the CWs to authorised receivers only. A common attack uses the fact that a CW is a shared key that unlocks content on all receivers. An adversary can break part of the key delivery infrastructure to obtain CWs and can re-distribute these keys to unauthorised receivers. This CW sharing attack is prevented by securing the delivery of a CW to a descrambling and decoding chip set. Current chip sets support a key hierarchy to secure the CW delivery based on secret keys installed during the manufacturing process. A typical receiver diagram is illustrated schematically in FIG. 1. The exemplary chip set 100 of FIG. 1 uses symmetric cryptographic algorithms, but it is also possible to use public-key cryptography for securely delivering CWs to a descrambling and decoding chip set.
With reference to FIG. 1, the chip manufacturer personalizes the descrambling and decoding chip set 100 with a pseudo-random value for the Chip Set Unique Key (CSUK) and assigns a value to the Chip Set Serial Number (CSSN). The CSUK is the most valuable asset of a chip set since this is the key from which all other keys are derived. The manufacturer supplies a list of (CSSN, CSUK) pairs to a CA/DRM supplier, enabling the loading of a value of the Chip Set Load Key (CSLK) into a particular chip set. In particular, the CSLK is supplied to the chip set 100 in encrypted form, and may only be decrypted using the CSUK of the chip set 100. The CSLK is used to securely load a CW into the chip set 100, as depicted in FIG. 1. In particular, the CW is supplied to the chip set 100 in encrypted form, and may only be decrypted using the CSLK of the chip set 100. Subsequently, the CW may be used to decrypt encrypted content supplied to the chip set 100.
Variants of this CW loading mechanism are described in EP2362575, WO2012/072703, WO2012/072704, WO2013/060391, WO2012/072707 and WO2013/120538, all of which are incorporated herein by reference
There also are vendor-specific proprietary mechanisms to load keys into a chip using a secured on-chip module. These modules typically are specified by Conditional Access vendors or Digital Rights Management vendors and they are implemented within a secured processor module of a System on a Chip (SoC). The secured processor module is a separate computing platform on the SoC implemented in a way that secures the functions and data in the module. FIG. 2 is a schematic diagram of some typical components in such a SoC 200.
FIG. 2 schematically illustrates the architecture of a SoC 200 including a secured processor module 210 and an application processor module 220. The secured processor module 210 includes secured memory modules, such as key registers, SRAM, ROM and one-time programmable (OTP) memory. The secured processor module 210 also includes cryptographic components such as Data Encryption Standard (DES) and Advanced Encryption Standard (AES) modules. The secured processor module 210 also includes a random number generator, a private CPU and custom hardware modules. There is also a serial link for communicating with a serial link of the application processor module 220. The application processor module 220 includes a main CPU, functional modules and memory modules (e.g. ROM and SRAM). The application processor module 220 also includes a content decryption module to directly receive CWs from the key registers of the secured processor module 210.
In order to implement the key ladder shown in FIG. 1, the private CPU in the secured processor module 210 is initialised with firmware to (a) receive an encrypted input message from the application processor module 220 via a serial link, (b) retrieve the keys indicated in the input message from the key registers, (c) set up the AES/DES module to process the encrypted parts of the input message, (d) retrieve the result, and (e) to send a content decryption key (i.e. a CW) to the content decryption module of the application processor module 220. The keys are stored and used entirely within the secured processor module 210. There is no component in the application processor module 220 that can directly access the internal data within the secured processor module 210. The resulting CW is transmitted using a dedicated data path to the content decryption module that cannot be read or modified by the main CPU of the application processor module 220.
The manufacturer can implement most proprietary security functions using dedicated firmware in the application processor module 220 and/or the secured processor module 210. However, for some very specific proprietary security functions, an implementation using custom hardware may be necessary; hence the custom hardware modules in the secured processor module 210. During the manufacturing process the custom hardware modules can be enabled selectively, as described in PCT/EP2012/004267 filed on 10 Oct. 2012, which is incorporated herein by reference.